Abstract: A client is redirected by a relying party to the supporting entity (such as an identity or claims provider). The relying party also sends a cookie that includes a nonce, and another copy of the nonce in a redirection context (e.g., in a context string). The client then communicates with the supporting entity to facilitate the supporting service, whereupon the supporting entity sends a validation token back to the client evidencing completion of the supporting service. The supporting party also sends the nonce back as part of the redirection context (e.g., in a context string). The client then sends a followup service request that includes the cookie, the nonce returned by the supporting entity, and the validation token to the relying party. The relying party may compare the nonce in the cookie with the nonce returned by the supporting entity to verify that the request is valid.

Abstract: A client is redirected by a relying party to the supporting entity (such as an identity or claims provider). The relying party also sends a cookie that includes a nonce, and another copy of the nonce in a redirection context (e.g., in a context string). The client then communicates with the supporting entity to facilitate the supporting service, whereupon the supporting entity sends a validation token back to the client evidencing completion of the supporting service. The supporting party also sends the nonce back as part of the redirection context (e.g., in a context string). The client then sends a followup service request that includes the cookie, the nonce returned by the supporting entity, and the validation token to the relying party. The relying party may compare the nonce in the cookie with the nonce returned by the supporting entity to verify that the request is valid.